Jiri’s Notepad

This week, London is hosting one of the biggest security shows on the continent - Infosecurity Europe. This exhibition/conference is always an excellent opportunity to meet people, friends, listen to some interesting speeches and if you feel like, have a look at what various products, all of which I did today.

From the people perspective, it was as good as ever - only during the first hour I met at least 5 people I worked with in the past. I don’t want to write about the education programme here (I will post notes from the sessions I attended here later on), but overall I would say it was better than during the previous years.

I was (pleasantly) surprised: In the past I found this part of the exhibition with its focus on network security boring and most of the time I avoided vendor stalls. But as I strolled through the aisles of Olympia today, I noticed a slight shift in the types of products at show away from the ‘buy our product to protect yourself from hackers’ pitch of previous years. I don’t want to speculate why, but there was a noticeable shift from previous years.

If my impression from walking around can tell anything about the state of security technology, it is that the new areas will be mobile authentication (probably spawned by many European id cards programmes) and enterprise-wide security and risk measurement (triggered by PCI). Apart from that, thinning down on identity management offering seems to imply that this type of products has been pretty much commoditised. Traditional security technologies I saw were represented by antivirus companies (that seem to be broadening and focusing on ‘endpoint protection) and web application protection. Surprisingly, I have seen relatively little on pure network security (firewall, IDS etc). So it seems to me that the security folks are probably moving beyond the pure perimeter protection and more to enablement. And now it is not just a talk.